The need for security, along with the idea that innovation is critical to counter the evolving threat landscape, will drive cybersecurity spending despite Covid-19’s economic impact. Companies worldwide are expected to spend $115bn on security in 2020, according to GlobalData figures.
Listed below are the key macroeconomic trends impacting the cybersecurity industry, as identified by GlobalData.
The Covid-19 pandemic has increased cyber risk significantly. Until a vaccine is available, businesses will have to factor in greater cyber risk. Attacks will continue to target the tools used by remote workers, including fake requests to reset VPN accounts, faked sign-in pages video conferencing accounts, or bogus incoming chat request from colleagues on corporate messaging systems.
From Russian interference in the 2016 US presidential elections to Cambridge Analytica and Facebook’s role in the UK’s Brexit referendum, there are international concerns about the impact of unwarranted cyber activity on democracy. Disinformation campaigns and deepfake technology are being used to influence public opinion, major transportation systems can be disrupted to prevent citizens from getting to the polls, and there have been attacks on voter registration databases.
The cyber skills shortage
According to international cybersecurity organisation (ICS)2, the current cybersecurity workforce gap in the US is nearly 500,000, and the global gap in November 2019 was over 4 million jobs. The types of jobs currently most in demand are forensics, cyber automation engineering, security operations centre (SOC) analysis, cloud network architecture, consulting in advanced threat solutions, and cybersecurity analysis, according to job vacancies posted on GlobalData’s Jobs Analytics database.
Psychology as part of security assessment
Psychology will be a focus for security during 2020, as companies attempt to understand how attackers and their staff think. Cyberattackers are usually at least one step – ahead of those defending the enterprise. Understanding the psychology of attackers, from state-supported actors to individual troublemakers, may help organisations identify the weaknesses in their defences. Organisations typically use personality testing in recruitment, and the same tests could also be used to identify those most vulnerable to cyber threats.
Understanding people to deliver better security
On top of understanding attackers’ motivation, organisations such as the Royal Holloway University of London’s Information Security Group and the National Cyber Security Center want to get a better understanding of employees’ perspectives on security. Adopting an approach that understands how people work is likely to help drive better-designed security technologies and practices that support people’s needs. This people-centric approach is backed by suppliers like Proofpoint, which advocates deploying a solution that gives users visibility into who, how, and why someone is being attacked, and whether they clicked on something.
Attacked companies are more likely to pay ransoms
An increasing number of organisations suffering ransomware attacks are deciding that paying up is their best policy. Previously, the FBI had insisted that paying ransoms emboldened criminals but, in 2019, it admitted that, faced with an inability to function, executives would consider all options in the face of an attack, including paying up. The challenge for the cybersecurity industry will be to reduce both the number of attacks and the number of organisations opting to pay the ransom.
Attacks on the rich and famous
The alleged hack of Amazon founder Jeff Bezos showed that even the very richest are not immune to sophisticated cyberattacks. The 2018 attack, apparently involving the WhatsApp messaging service, was reported to have spooked wealthy individuals into looking for bespoke personal cybersecurity services to protect themselves. With geopolitical tensions rising and more countries investing in cyber warfare, a growing service area is executive threat exposure reviews, which involves scanning the web for personal information that could find its way onto social media sites and be used in customised phishing attacks against wealthy individuals.
Governments step up their cyber offense
Governments are moving to create – and justify – their use of offensive capabilities against cyberterrorists and cybercriminals. The problem is that they want to operate under a cloak of secrecy. The UK is on the verge of announcing an offensive cyber force to match that of the US, which has also started to acknowledge that it might have such a capability. The UK National Cyber Force is expected to comprise 500 cyber specialists. It is likely to be a joint operation between the Ministry of Defence and the Government Communications Headquarters (GCHQ) and follow appropriate rules of engagement that would allow it to take action against hostile states and terror groups by targeting their satellite, mobile, and IT networks.
This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research.